<?php

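/**
 * Check an e-mail/password pair against the account table and, on a match,
 * store the account's id, email and name through sset().
 *
 * Only rows with activated='1' are considered. The password is compared as
 * the MD5 digest of the submitted value.
 *
 * @param string $account  E-mail address identifying the account.
 * @param string $password Plain-text password as submitted.
 * @return bool true when a matching activated account was found, false otherwise.
 */
function login($account, $password){
  // Request parameters may arrive as arrays instead of strings; md5() and the
  // escaping helper expect strings, so anything else (including null) is rejected
  // before the database is touched.
  if(!is_string($account) || !is_string($password)) return false;

  $db = Vuelta::get_database_connection();

  // NOTE(review): passwords are compared as unsalted MD5 digests, which are cheap to
  // brute-force if the table leaks. Moving to password_hash()/password_verify() needs
  // a migration of the stored values, so it is flagged here rather than changed.
  $enc = DatabaseConnection::sanitize(md5($password));
  // NOTE(review): the query is built by string interpolation and is only as safe as
  // DatabaseConnection::sanitize(); a parameterized query would remove that dependency.
  $account = DatabaseConnection::sanitize($account);
  $query = "SELECT * FROM account WHERE
            email='$account' AND
            activated='1' AND
            password='$enc'";
  $res = $db->query($query);

  // Read the row before the connection is closed, and skip the fetch entirely
  // when the query produced nothing to read from.
  $row = $res ? mysql_fetch_array($res) : false;
  $db->close();

  if(!$row) return false;

  // NOTE(review): if sset() writes to the PHP session, regenerating the session id
  // here would guard against session fixation — confirm where the session is started.
  sset('id', $row['id']);
  sset('email', $row['email']);
  sset('name', $row['name']);
  return true;
}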

// Attempt a login only when both credential fields are present
// (phas()/pget() presumably read the submitted form fields — confirm).
// The return value is not used here; the markup below calls is_logged_in().
if (phas('email')) {
  if (phas('password')) {
    login(pget('email'), pget('password'));
  }
}

?>

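<div class="left">
  <div id="login" class="thin-border">
    
      <?php
        if(is_logged_in()){ 
          // Presumably the value login() stored via sset('email', ...), i.e. account
          // data that originates from a user and must not be printed as raw HTML.
          $email = sget('email'); ?>
      <div id="user-nav">
        <?php
          // HTML-escape the address at the point of output. The charset is left at
          // PHP's default; pass it explicitly if the site's encoding differs.
        ?>
        <p><?=htmlspecialchars($email, ENT_QUOTES)?></p>
        <ul>
        <?php
          // Navigation targets and labels are fixed values built in this file, so
          // they are printed as-is.
          $links = array(
            Vuelta::web_path('profile.php') => 'profiel', 
            Vuelta::web_path('overview.php') => 'overzicht',
            Vuelta::web_path('choose.php') => 'selectie',
            Vuelta::web_path('extra.php') => 'toevoegingen',
            Vuelta::web_path('logout.php') => 'log uit',
          );
          // PHP_SELF can carry request-controlled path data; it is only compared
          // here and must never be echoed without escaping.
          $current_path = $_SERVER['PHP_SELF'];
          foreach ($links as $page => $name) {
            $attr = ($current_path == $page) ? 'class="current"' : '';?>
            <li><a <?=$attr?> href="<?=$page?>"><?=$name?></a></li> <?php
          }
        ?>
      </ul>
    </div>
    <?php } else { ?>
    <form action="login.php" method="POST">
        <p>gebruikersnaam</p>
        <input type="text" name="email" autofocus="autofocus" required="required">

        <p>wachtwoord</p>
        <input type="password" name="password" required="required">

        <button>log in</button>
    </form>
      <?php } ?>
 </div>
</div>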
